Ransomware is an especially odious type of malware. The way it works is simple. Your computer is infected with some malicious software. That software then renders your computer entirely unusable, sometimes purporting to be from local law enforcement and accusing you of committing a computer crime or viewing explicit pictures of children. It then demands monetary payment, either in the form of a ransom or a 'fine', before access to your computer is returned.

Horrible, isn't it? Well, get ready to meet CryptoLocker, the evil patriarch of the Ransomware family.

What Is CryptoLocker?

CryptoLocker is a piece of malware targeting computers running the Microsoft Windows operating system. It is typically spread as an email attachment, often purporting to be from a legitimate source (including Intuit and Companies House). Some say it is also being spread through the ZeuS botnet.

Once installed on your computer, it systematically encrypts all documents stored on your local computer, as well as ones stored on mapped network drives and mounted removable storage.

The encryption used is strong, 2048 bit RSA, with the decryption key for your files being stored on a remote server. The odds of you being able to break this encryption are almost nonexistent. If you want to get your files back, CryptoLocker asks you to fork over some cash: either two bitcoins (at the time of writing, worth almost USD $380) or $300 in either MoneyPak or Ukash prepaid cards. If you don't pay within three days, the decryption key is deleted and you lose access to your files forever.

Ransomware such as CryptoLocker is not something very new – variations of Ransomware have been around for years. When you look at CryptoLocker, it predominantly comes in via phishing emails (from what I've seen). The best way to protect against it is for users to be vigilant against clicking on links within emails. Currently, it looks like there's not much that can be done once infected and I wouldn't advise anyone to pay the ransom. It goes back to having backups and data management in place.

Mitigating Against It

Reports suggest that some security programs have had a hard time preventing CryptoLocker from getting its claws into your system before it's too late. Fortunately, American security expert Nick Shaw has created a handy piece of software called CryptoPrevent (free). This applies a number of settings to your installation of Windows that prevent CryptoLocker from ever executing, and it has been proven to work in Windows XP and Windows 7 environments.

It's also worth checking whether an email is suspect before you open any of its attachments. Does the sender's email address match up with the purported sender? Were you expecting any correspondence from them? Are the spelling and grammar consistent with what you'd expect from the genuine sender? Failing any of these is a reason to be suspicious of an email and to think twice about opening any attachments.
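The three questions above can be applied mechanically to a raw message before anyone opens it. The following is an added example, not code from the original article: it parses an email with Python's standard library, flags a display name whose address domain is not one the purported sender actually uses, flags a Reply-To that points elsewhere, and flags executable attachments, including ones hidden inside a ZIP. The sender allow-list and the sample message are constructed for illustration.

```python
"""Automated vetting of an email along the lines discussed above."""
import base64
import io
import zipfile
from email import message_from_bytes, policy
from email.utils import parseaddr

# Extensions that run directly on Windows; an attachment carrying one of these,
# possibly inside a ZIP, is the classic malicious-attachment delivery.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}

# Display names you expect, mapped to the domains that genuinely send as them.
# Constructed list for this example; populate it from your own contacts.
KNOWN_SENDERS = {
    "companies house": {"companieshouse.gov.uk"},
    "intuit": {"intuit.com"},
}


def _executable_names(filename, payload):
    """Return the names of executables in this attachment, looking inside ZIPs."""
    lower = filename.lower()
    found = [filename] if any(lower.endswith(e) for e in EXECUTABLE_EXTS) else []
    if lower.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                found += [n for n in zf.namelist()
                          if any(n.lower().endswith(e) for e in EXECUTABLE_EXTS)]
        except zipfile.BadZipFile:
            found.append(filename + " (unreadable zip)")
    return found


def vet_email(raw):
    """Return a list of human-readable reasons to distrust this message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # Question 1: does the address match the purported sender?
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected is not None and domain not in expected:
        reasons.append(f"display name '{display}' but address domain '{domain}'")
    # Replies being routed somewhere else is another mismatch worth flagging.
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and reply.lower() != addr.lower():
        reasons.append(f"Reply-To '{reply}' differs from From '{addr}'")
    # Attachments: executables, directly or inside a ZIP.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        for exe in _executable_names(name, part.get_payload(decode=True) or b""):
            reasons.append(f"executable attachment: {exe}")
    return reasons


def _sample_message():
    """Constructed phishing-style message: brand name, wrong domain, ZIP with .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", b"MZ not a real program")
    zipped = base64.b64encode(buf.getvalue()).decode()
    return (
        "From: Companies House <notices@ch-mail-notify.example>\r\n"
        "Reply-To: collect@another.example\r\n"
        "To: you@example.org\r\n"
        "Subject: Your filing\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nPlease see attached.\r\n"
        '--b1\r\nContent-Type: application/zip; name="Invoice.zip"\r\n'
        'Content-Disposition: attachment; filename="Invoice.zip"\r\n'
        "Content-Transfer-Encoding: base64\r\n\r\n"
        f"{zipped}\r\n--b1--\r\n"
    ).encode()


# Result for the constructed sample: three reasons (domain, Reply-To, .exe in ZIP).
SAMPLE_REASONS = vet_email(_sample_message())

if __name__ == "__main__":
    for reason in SAMPLE_REASONS:
        print("suspicious:", reason)
```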

Having Proper Backup

In these circumstances, I’d encourage everyone to make regular backups that are isolated from your computer. Using a networked backup solution will be utterly ineffective, as CryptoLocker has been known to encrypt data stored on these volumes.

I work for Carbonite on the operations team, and I can confirm this for most cases – I will also offer these two pieces of advice:

1) If you are affected by the virus, you should disable or uninstall Carbonite as soon as possible. If you stop backing up the files, it’s more likely that Carbonite will not have overwritten a “last known good” backup set. There is a high risk of some recent data loss (you’re effectively going back in time, so if we have no record of the file existing at a previous time, you won’t get it back) with this method, but it’s far, far better than losing all of your files.

2) When you call customer support, which you should do as soon as possible, specifically mention that you are infected with cryptolocker. It was mentioned in the post above, but I just wanted to put emphasis on it because it’ll get you through the queue faster.

Edit: also, just to state the obvious, make doubly sure the infection is off your machine before you call support, please.
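The "last known good" problem above is that a backup job happily copies already-encrypted files over the good copies. The following is an added example, not Carbonite's or the article's code: before a backup set is rotated, it checks that each file still looks like its extension claims (Office and PDF files by their leading bytes, plain-text types by byte entropy, since ciphertext sits near 8 bits per byte) and refuses rotation when any file fails. The signature table, thresholds and sample files are constructed for illustration.

```python
"""Pre-rotation sanity check for a backup set."""
import math
from collections import Counter

# Leading bytes a genuine file of each type starts with (constructed subset).
MAGIC = {
    ".docx": [b"PK\x03\x04"], ".xlsx": [b"PK\x03\x04"], ".zip": [b"PK\x03\x04"],
    ".pdf": [b"%PDF"], ".jpg": [b"\xff\xd8\xff"], ".png": [b"\x89PNG"],
    ".doc": [b"\xd0\xcf\x11\xe0"], ".xls": [b"\xd0\xcf\x11\xe0"],
}
# Types whose content is normally human-readable, so high entropy is abnormal.
TEXT_EXTS = {".txt", ".csv", ".html", ".xml", ".py", ".c"}
ENTROPY_LIMIT = 7.5   # bits per byte; ciphertext is near 8.0, prose around 4 to 5


def shannon_entropy(data):
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(name, data):
    """Return None if the file looks like its extension claims, else a reason."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext in MAGIC:
        if not any(data.startswith(m) for m in MAGIC[ext]):
            return f"{name}: header does not match the {ext} signature"
        return None
    if ext in TEXT_EXTS:
        h = shannon_entropy(data)
        if h > ENTROPY_LIMIT:
            return f"{name}: entropy {h:.2f} bits/byte is too high for {ext}"
    return None


def safe_to_rotate(files, max_suspect_fraction=0.0):
    """files maps name -> content. Returns (ok, reasons); ok is False when more
    than max_suspect_fraction of the files look encrypted or corrupted."""
    reasons = []
    for name, data in files.items():
        reason = classify(name, data)
        if reason:
            reasons.append(reason)
    ok = not files or len(reasons) / len(files) <= max_suspect_fraction
    return ok, reasons


# Constructed sample set: two files intact, two overwritten with ciphertext-like
# bytes (every byte value equally frequent, i.e. exactly 8.0 bits per byte).
HIGH_ENTROPY = bytes(range(256)) * 4
SAMPLE_FILES = {
    "proposal.docx": b"PK\x03\x04" + b"\x00" * 60,
    "notes.txt": b"Quarterly plan: review backups weekly. " * 5,
    "report.pdf": HIGH_ENTROPY,
    "readme.txt": HIGH_ENTROPY,
}
SAMPLE_OK, SAMPLE_REASONS = safe_to_rotate(SAMPLE_FILES)

if __name__ == "__main__":
    print("rotate backup set:", "yes" if SAMPLE_OK else "NO, keep last known good")
    for reason in SAMPLE_REASONS:
        print(" -", reason)
```

A check like this only catches bulk in-place corruption; it does not replace keeping several dated versions of the backup, which is what lets you go back in time at all.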

Should You Pay The Ransom?

What if your computer gets compromised? It goes without saying that brute forcing a file encrypted with 2048 bit encryption is almost impossible. Noted computer security firm Sophos has looked at a number of files encrypted by this particular malware and has found no obvious means by which they can be decrypted without forking over a ransom.

With that in mind, the only way to get your data back is by paying the ransom. However, this poses a major ethical dilemma. By paying the ransom, you make this type of chicanery profitable and therefore perpetuate it. However, if you don’t pay the ransom, you forever lose access to everything you’ve been working on which is stored on your computer.

What further complicates things is that it is impossible to ascertain who would be the recipient of any money paid. It may be something as simple as a single person working from his bedroom looking to get rich at the expense of others, or it might be something much more sinister.

Conclusion

I’ll leave the floor to you, the reader. Would you pay the ransom? Have you been infected with CryptoLocker? Leave your thoughts in the comments box below.


jymm

March 10, 2017 at 12:37 pm

If I dual boot, (I dual boot Debian Jessie and Ubuntu Mate 16.04) and only one Distro is mounted, can the locker lock the unmounted distro? I am guessing if the distro is not mounted the locker cannot lock your files, but would like that verified.

Ok everyone and Matthew, let's get back to the basics. There is a great deal of information in these comments which, when all added up together, can become very confusing.

So now I understand that if you use SkyDrive linked to your hard drive you can be affected, so this is really not an answer. Protecting your files is of the most importance in any situation, so we need to know the best way to do that.

Stopping the virus from getting in, in the first place, would be best; however, that would be a perfect world. Forget it.

Also if new viruses and Trojans are developed in the future, Well Then He's Jonny I'm Home, Right?

Many non-technical average users find making all these backup disks a real challenge, and then to keep them updated? WOW, more trouble.

In my personal opinion a removable flash drive outweighs all of it. True or False?

I hear a lot of controversy on clouds: This Cloud, That Cloud, This Cloud, Which dammm Cloud.

What about Norton off-site backup? Is that not safe either? Or is it? Should I just keep my Norton running as usual and run Norton backup to retrieve my files as I have before?

Is it possible to take all the information in everyone's comments and put it into an easy to read and easy to follow format? Like step 1, 2, 3: the best of the best, iron-clad and user-friendly process.

Please, all you gurus out there should be able to come up with the most effective and easy plan, considering the age of today's technology. No pun intended, LMAO.

I got this nasty piece of virus last week and I was freaked out because I had been working on a proposal that was not backed up anywhere. I had Rollback Rx installed and I was really praying and hoping it would save me, because after reading online about it I was really doubting anything would get me out of this mess. So I rolled back my PC to an earlier snapshot and closed my eyes and prayed some more, LOL!! It actually worked. I was able to roll back to a snapshot from 2 hours earlier and I was virus free, and the proposal I was working on was still there! So maybe some of you may want to check out Rollback Rx.

I back up everything on an external HDD. If I get a virus this bad (one I can not get rid of with the tools I have), I format my PC, reinstall Windows, then connect the external HDD and restore my stuff. If my PC has a virus, I do not back up anything or connect my external drive to the PC. I have a few backups (different drives, 4 of them for safety) I can choose from. This may be a bit much, but some things like pics (for example) can not be replaced. You can never be safe enough.

What if you were to make backups by cloning your drive, to include the OS? Then if your primary drive becomes infected, just power down, pop it out and pop in the clone. Power back up and erase/format the infected drive.... (Unless Crypto is able to spread to the cloned drive after power up.)

Once drives are infected, can Crypto "hide" out somewhere, even if the PC is powered off and the drive replaced??? So that if I did replace the infected drive with the clone, is there a possibility of the clone being infected when the PC is powered up?

Otherwise I can foresee that there may be a potential problem... knowing what caused the infection to begin with... if it resides on the backup (clone), you would sure want to identify it and delete it before accidentally running it again.

This might be a plan, maybe, maybe not. I've used this method for a couple of years and it seems to make recovery pretty painless. Just sayin'.

Been trying to think of a way to be secure in the setup... Could a network drive be made inaccessible to a particular user, and then make it so that unzip (executables, some executables?) only works with that user's credentials?

Could somebody please help me? This thing is currently on my laptop and I'm worried my photos of my kids etc. will all be deleted. I'm not good with computers and now I have basically 24hrs to back my files up.... Somebody please advise me what to do. Thank you.

Poor PC people. I used to have PC, but then I switched to Mac and have not experienced any major problems yet, if any exist. I used to download countless programs to try and fix Microsoft's shitty software but failed every time.

We just got this at our office. An employee clicked on a link or attachment in an email and wham -- we lost her computer and our server. Thankfully, it did not backwards contaminate any other machines.

Tom, Nov 3 2013:
Thanks very much for your answer.
What I did was:
I write-protected the files with the administrator password.
Only reading / running the file is permitted, but whenever a user tries to rename it, he is prompted to enter the administrator password.
What do you think, are these write-protected files vulnerable to the virus?
Any comments would be highly appreciated!

Two other thoughts:
1. Does running as User (instead of Administrator) protect me from infection? I mean, the virus / exe does have to be installed, right? So you need administrator privileges to be able to install it?
2. Doesn't the Firewall (e.g. Comodo) prevent the virus from connecting to the server of the perps? Thus preventing the sending of an encryption key?

I have had experience with this virus on a company employee's personal laptop. I had no success running the battery of tools that I possess in hopes of undoing this virus. I was able to find all the registry keys and the location in the OS, and remove everything, but you still wind up with all the data encrypted. This does not fix the problem. I had to reformat and re-install the system, finding there was not too much value in the data to be saved. I did not choose the ransom payment option that others may be forced to take.

Don't think it would help. The virus doesn't open the files, which would require the password. It just encrypts them. Think of it like this: Even if you give a file a password, you can still rename the file at a command prompt or in Explorer.

What about sniffing the network and logging all traffic for the last 7 days. Would it be possible to capture the encryption key as it's being sent? Why not customize a packet filter to capture and save any packets that look like encryption keys? I'm very familiar with sniffing, but unfortunately have no idea how you'd find the encryption key.

I work in IT and just had a customer call that has this infection. It's probably too late for him, and I really hope he has a backup, as I would never encourage paying the ransom.

And thanks for the info. I'll be looking at ways to protect my customers who continue to slack on their backups.

Also: in addition to battling with clueless, spam-sending relatives and friends, I own a WD "My Book" 3TB hard drive for super-easy backup. I back up my files and email every week or so. Which reminds me, I should do that this weekend. They're inexpensive at approximately $100, more or less, at this point.

I'm old enough that the idea of my stuff being backed up in "the cloud" does not appeal to me. ;) I like having the hard drive in hand.

I am forever yelling at friends & family who send "fun" links without bothering to personalize the message it's sent in. If you got an email that said, "This is my fav cat video!" with a link and nothing else (no name of the sender and not personalized with your name or any other info), would you click on that link to see the kitty? I got that email last week. Turned out it was legit, it really was her sending me her favorite cat link, but once again, I had to yell at the sender to STOP EMAILING ANONYMOUS LINKS! It's always the same half-dozen sweet-but-annoying people doing this.

My aunt's computer got infected with this Crypto ransomware, so I did a restore, then restored the My Documents folder. Everything looks normal and opens up fine. Looks like she got all her files working again.

I got encrypted... bad... it infiltrated my server, my Google Drive and my Dropbox that was synced. Good news: purging was not necessarily a bad thing... it made me prioritize what I needed to recover. Luckily my husband's copy of what I had shared with him survived... and a lot of files were originally attachments to emails, so just going back and redownloading emails helped. For me... paying the money would have alleviated a ton of the head game that I'm still sorting through... and I remember the file that my intuition screamed about. First do all you can to prevent... but then I'm open to the idea that 300 is less than the headache and tech bills potentially incurred in trying to live without your files. Just a perspective. All the reviews say they are unlocking files once paid... although "Honest Criminal" doesn't ring right with me. RealizeU

I don't think that anyone should give the "ethical concerns" a second thought. This is not the same dilemma as when terrorists demand a ransom from a nation state. Seriously, are you willing to sacrifice your data on some grand "policy" rationale that by giving money you theoretically increase the likelihood that a random stranger will face the same problem at some later date? The greater concern should be practical: By forking over 300 clams (or whatever that is in cyber funny money) to some creep in Russia, will your files truly be unencrypted and will the malware truly be eradicated from your machine.

You're making a fairly big leap of faith that the same person who has no scruples about harming you (and anyone else) just for monetary gain will actually remove said malware once you hand over the cash.

That's the same logic 419-scam victims use as they see their bank accounts emptied, dollar by dollar.

Reinstalling the OS is not a solution, unless you wipe the drive in between. Formatting is not a solution unless you wipe the drive. Quick Formatting only marks a previous file table for deletion. Long Formatting only adds ChkDSK, that's it.

Our company got infected by CryptoLocker. There was no way I was going to pay the ransom. We run always-on backups with Microsoft DPM and it only took 2 hours to restore approx 1TB of data to multiple servers. Crisis averted.

I personally would not pay the ransom and not because I am broke. I backup on a regular basis and never click attachments unless I am aware of the sender and am expecting an attachment. My sister clicks everything and it would be possible for her to be infected and send it to me.

I got hit with a ransomware a couple months ago. It showed up as a very official looking page saying I'd been viewing child porn. I don't view any porn, much less child. The end result was I'd have to pay a $300 USD fine to unlock my computer.
I did a restore to put it before the advent of this, which worked for a couple days, then one day while emailing my girlfriend, the screen went totally white. I'd never seen this before. I know what blue screen is, but never heard of one going white. Fortunately my PC was still under warranty, so I sent it in for repair. The ransomware (I suspect) had done something to my hard drive, and it had to be replaced. Fortunately it was still under warranty and didn't cost me anything.
I have no idea how this rode in. I never open unsolicited or unknown email, and as I said never watch porn, so it must have come in through something else. The only attachments I open are from known sources, like my brother in San Francisco, or my girlfriend who travels a lot, when they send me photos. It could have somehow latched onto one of them. My bro doesn't use a PC; he sends pix to my email via his smart phone, but my girl does use a PC, so it could have come in from her.
End result was it destroyed my hard drive. Could have been very expensive if not for the warranty!
Good article, MUO. Another big score for you!

My law office was infected with this virus today....we paid the ransom because we have to...they caught us between a rock and a hard place needing to access our client files. I think we are lucky that the system is currently being restored and it is actually working but what a mess! It goes without saying the time/expense my boss is paying for us to deal with all of this (employees to be here without access to our files and IT support/assistance). She may be paying for her mistake in opening something she shouldn't have but it is too bad people create things like this to ruin other people's work. I hope they find the creator of this...

Sorry to hear about your problem. While paying the ransom may have solved your immediate problem of access to clients' files, what makes you sure that the problem is solved for the future? How do you know for sure that ALL the files were unencrypted and that the ransomware has been completely removed? Having found an easy target (your firm), the perps will try again and again. When was the last time you heard of a blackmailer being satisfied with only one payment? I hope your IT people are smart enough to rebuild your system from the ground up with as many precautions built in as possible instead of just restoring the files from a backup.

Your question requires the presumption that once you pay they will actually give you the key. The other problem is presuming that if they give you a key it doesn't leave you all nicely set up for it to reactivate for additional bribery.

Regarding the comment below about your formatting. I too have received your email with the same odd additions to several words that are not present in the online version.

I would think that if you were to use common sense security measures and NOT open attachments, zip, or .exe files from unknown sources that your data would remain safe. People fall for scams of all sorts all the time; the key here is to stay frosty. I get phishing e-mails allegedly from my bank always saying something stupid like my account has been compromised and that I need to go follow a link provided and reactivate my account with new information. I assure you this does not happen ever, and your bank would either contact you by snail mail or by phone and instruct you to go to your branch to do something like that. (This way you're sure it's the bank requesting this and they are sure you're you.) Yet thousands of people get scammed every year into giving criminals access to their banking information. Being cautious and being weak are NOT the same thing; you are responsible to protect yourself from these predators.

Yeah, me too; I get all sorts of dumb emails coming in about a 'Problem Delivery from a Parcel Service', an 'IRS Payment glitch', other stupid emails from foreign people I've never heard of. And all have either links or attachments contained in them. I just click 'Delete' as soon as I see one. The latest one was about some 'Administrator' inviting me to join some Forum I have never heard of = 'Delete'.

I never put anything on a computer I can't replace. Things like photos and music I copy to a DVD immediately. I got the FBI ransomware once. Just wiped the drive, and reinstalled Windows and no worries. You can try the "safe mode with networking" and try downloading "Combofix", I've heard that works. Malwarebytes is also a good one.

I'm running both WebRoot and Windows Defender on my Windows 8. Hopefully, that's enough. If ever I did get one of these bugs, I would - and this would suck for my wallet - pay for an entirely new Windows OS, wipe drive clean, then install. "It's the only way to be sure." - Line from Aliens II.

Got it last Friday so it had all day Saturday to work over my files. (employee opened an email attachment) Didn't pay. My trend-micro removed the virus overnight, but couldn't restore files. I have read that if the virus is removed chance of restoring even if you pay for the key is substantially reduced. Backup was encrypted too. My MIS contractor was able to restore 90% of the files from a shadow copy. Still it was a big hit and I haven't got the bill from the contractor yet. The government needs to sic the NSA on these folks.

Thanks dragonmouth. I expect your suggestion is better. For whatever it's worth, if you are a small business and do have to hire a professional to restore your documents from a backup as I did, you should contact your insurance company and make a claim. I purchased a "valuable papers" rider with my coverage. It was less than $50 a year extra and it looks like they are going to cover the cost of paying someone to restore the backup from a shadow copy. Also, it did not encrypt anything in Exchange. So if you have copies of documents that you emailed to someone using Outlook and Exchange you can retrieve them by going through your emails and archives. Tedious, but beats the heck out of retyping a 20 page document.

I paid and it unencrypted everything for a couple of hours, then they infected most of the computers in my domain. Even when they say they have uninstalled the trojan, once you run a program like Malwarebytes it shows that your computer is infested with all kinds of bots.

For perspective on bitcoin, CryptoLocker, MOOGland and Chinese "bit farmers" (not to mention crazy Idaho survivalist families) I highly recommend Neal Stephenson's book "Reamde". You won't be sorry, if you like science fiction.

When I click on the CryptoPrevent link in this message I get a "Halt - Do you want to go there?" message from McAfee. Is there a reason why McAfee has blacklisted that site? I'm a little concerned about downloading software from a site in that status.

My daughter's computer was "infected" with ransomware from The CyberCrime Division of The Internet Police. This one wouldn't even let the pc boot even in safe mode. Through googling, I found a reference to this on a site, <> which offers a free utility called HitMan.Alert2. Checked out SurfRight and seems okay (I'm always suspicious). HitMan.Alert2 boots from a USB stick/key before Windows and disables the rootkit as well as cleans out the registry keys and .dll files. It worked for us.

Subsequent checking with Malwarebytes (free but I love it and made a donation), SpyBot Search and Destroy (used it since WinDos). I also use a Mozilla add-on called KeyScrambler from QFX.

But I have used ESET Nod32 for maybe 10 years, now on ESET Internet Security, and it has saved me from a number of legitimate websites which tried to install malware. I think it is cheap and it is always in the top of a number of independent tests annually. If you install it, you'll get a cheap annual upgrade rate. You can put it on 3 machines and it also has a Mac version. It integrates into Firefox and Flock and IE for those who like Bing (I don't understand this trapware).

Finally, I recommend Revo Uninstaller Pro which lists all the stuff running at any time on your machine, closes boot-up things you don't need, has a number of other helpful screens, and its uninstall program not only removes the program files but all references to the program. Adobe is the worst, sometimes with thousands of references and files. I love it and pay for it.

This is just my opinion and experience from 30 years of computing and maintenance of machines (I'm not IT).

Recently MUO had an article about security blogs. Please read the article and read the articles that the blogs have about the security of cloud storage. Very eye-opening and educational. Bottom line is that cloud storage is no safer than local storage, no matter what the cloud storage providers advertise.

Cloud storage is no solution because the files still can be held for ransom. Not because of malware but because of corporate policy changes, changes in corporate ownership or storage providers going out of business.

I've used computers since the days of mainframes and punch cards. I've got 30+ years as an avid pc user before anyone wanted them (afraid to lose their "creativity"). Learned programming enough to make a Dos menu, basic Basic and so on. But I've had no end of trouble with command line Linux. Like wipe-cleaned hds on an infected machine. Luckily there were backups from Acronis. I have no interest in going "back" to learn another program especially in view of the rapid command changes in and Disneyfication of Vista, Win 7+ as well as MS Word since 2003. It's getting hard to be productive again without having to buy the Missing Manual to discover what things are now called and where they are because MS no longer documents their programs. I'd hate to have to teach my co-workers and friends again and tell them what they no longer know. MS is an ageist company despite their sop to accessibility.

I started out punching cards myself. But I got fully into Linux only a couple years ago and found out that there's a lot of Windows-like GUI clickyness about it, in addition to the command line which is usually faster. Take your pick.

My granddaughters run Bodhi. It's easier, and a LOT safer, than running Windows. There are 300 other Linux distros besides Ubuntu. I like Mint (of course, they're both Ubuntu derivatives). Zorin might be better for those who just can't tear themselves away from the familiarity of Windows.

With all the liberals in the world and techie giants, who have money, no one is willing to just Jail or assonate these bastard pseudo geniuses.
End of problem !
Of course unless you're envious/jealous of their smarts and want to perpetuate the madness, so you can stay employed?
Evil is Evil, no matter how you sugar-coat it!

I shouldn't feed a troll, but how on earth do you manage to bring liberals into this? I know it must be hard with a pea sized brain to contemplate this, but these criminals operate beyond borders. No single country has jurisdiction to just, off the bat, go to assassinate (see that correct spelling!) these people.

The people, when found, will face justice, and as a liberal, I would support that. But to kill them for it? A tad severe, no? But the trouble is, it's not so easy to find these people. Blaming liberals for this and the lack of finding them, and insinuating that it's because we are envious of their intelligence, is absolute nonsense - throw away that tin foil hat of yours!

How about you find them?! I suppose you think it's so easy, since us liberals are to blame for inaction.

Just accept that although, as you infer, we are on average more intelligent, we still have our limits. And in addition this liberal, as I suspect most are, has just as much contempt for CryptoLocker and its maker(s). No-one's endorsing it, or saying it's a work of art and that it's not evil - again, put that tin foil hat away, you special person you!

The defense seems simple enough. Back up your computer. My NovaStor backup saves its store as a file with an extension .nbd. That is not on the list of things that get encrypted. If worried about it, you could manually change the extension of the backup file to something like .sys, which the crypto program cannot go encrypting willy-nilly and expect the computer to continue to run. Or, you can back up to external drives, and then turn them off.

Does each file get a different 2048 bit key? If not, I think it would be easier to break the encryption if you know the content of one or more encrypted files. I certainly could not do it, but perhaps someone could supply such a program.

I had the same situation on one of my client workstations. If you have Windows 7 or 8, Professional version or higher, you can hopefully exploit the Volume Shadow service that runs by default on those PCs. Download the free utility Shadow Explorer at shadowexplorer.com and export your lost files from a timestamp that's before the encryption. This worked for me.

Brilliant, although this only removes the malware. It doesn't decrypt the files that CryptoLocker gets its grubby hands on. For that, you'll either have to revert to an earlier backup, or pay the ransom.

Matthew I lost 2 years worth of data, countless pictures, files etc. Most I have backed up somewhere I think but it was very frustrating and painful. Sick thing was I stupidly stored all my passwords on a note card right on the desktop. I won't do that again.

Cortman I don't think Star Wars The Old Republic is compatible with Linux. And I have to have some form of relaxation after a rough day at the clinic.

I wonder: the USA, which has the technological power to send a virus to the computers of Iran's nuclear centers or spy on presidents' cell phones, cannot locate the recipient of a MonkeyPack or Ukash account? Or else.... this type of attack is NSA practice and we are the guinea pigs...

Being totally paranoid, I use VMware to run another copy of Windows. I do all my coding on the virtual machine. (Since my virtual machine is just another file, if my virtual machine is toasted, I simply delete the corrupted file and copy a new one.) My source code is kept in a folder, on the virtual machine, encrypted by TrueCrypt. When I'm done for the day, I close the TrueCrypt volume and copy it to two external hard drives. I keep one external drive with my computer and the other elsewhere. I also only read emails and surf from the virtual machine. I do almost nothing on the physical machine.

Hold on a second. In simple terms, encryption is the same as converting digital information into something only you understand, kind of like making up your own language. Then it should be possible to encrypt something twice. Imagine some very simple encryption like just reversing the information: a piece of text that said "hello world!" would turn into "!dlrow olleh", and if you then encrypt it by turning the letters into specified numbers, you would have to decrypt it twice.

So if CryptoLocker encrypted an encrypted file, that file would have been lost anyway. So encrypting your documents won't save them from CryptoLocker, or am I completely wrong? I just don't see how encrypting information protects it from encryption. That is unless it looks for certain file types, of course; if it wildly encrypted everything it had access to, it could corrupt the machine and then the people behind the software would never get the ransom in the first place.

Point is, some people claim encrypting your files protects them from CryptoLocker, but I don't see how that makes them immune from further encryption.
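The commenter's reasoning above can be checked directly. The following is an added example, not code from the article or from any commenter: it uses a constructed toy stream cipher (SHA-256 run in counter mode, for illustration only, not for real use) to show that a file already encrypted "at rest" by its owner is just another byte string to a second party, who can encrypt it again with their own key. The owner's key alone no longer recovers the document; both keys are needed. The names `owner_key`, `attacker_key` and the nonces are assumptions made up for the demonstration.

```python
import hashlib
from typing import Dict


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes by hashing key || nonce || counter.

    Constructed toy cipher for the demonstration; not a vetted construction.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream. The same operation decrypts."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


decrypt = encrypt  # an XOR stream cipher is its own inverse


def layered_encryption_demo(document: bytes) -> Dict[str, bool]:
    """Encrypt a document once as its owner, then again as a second party.

    Returns three observations:
      owner_key_alone_recovers  - False: the owner's key no longer yields the file
      both_keys_recover         - True: only the owner plus the second key do
      second_layer_changed_blob - True: the second encryption altered the bytes
    """
    owner_key, owner_nonce = b"owner-secret", b"nonce-1"        # assumed values
    attacker_key, attacker_nonce = b"second-party-secret", b"nonce-2"

    # Step 1: the owner encrypts the file "at rest".
    at_rest = encrypt(owner_key, owner_nonce, document)

    # Step 2: a second party encrypts the already-encrypted blob. Nothing about
    # the blob being ciphertext stops this; it is just bytes.
    relocked = encrypt(attacker_key, attacker_nonce, at_rest)

    # The owner's key applied to the relocked blob does not give the document back.
    owner_attempt = decrypt(owner_key, owner_nonce, relocked)

    # Removing the second layer first, then the owner's layer, does.
    recovered = decrypt(owner_key, owner_nonce,
                        decrypt(attacker_key, attacker_nonce, relocked))

    return {
        "owner_key_alone_recovers": owner_attempt == document,
        "both_keys_recover": recovered == document,
        "second_layer_changed_blob": relocked != at_rest,
    }


if __name__ == "__main__":
    for name, value in layered_encryption_demo(b"hello world!").items():
        print(f"{name}: {value}")
```

The takeaway matches the comment: encryption at rest protects confidentiality, not availability. A backup that the infected machine cannot write to is what preserves the file.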

A viable cryptolocker-resistant network backup is to use a shared volume which is only write-accessible by a specific account. You run your backup service (and only your backup service) under this account.

These criminals should be tracked down and charged to the full extent of the law (extortion is a crime)! As for would I pay, NO, and the only things I would lose would be code, but if I lose these, I always write it better when I rewrite so no real loss except the time taken to replace them!

I think U.S. Governmental Agencies should co-operate with white-hat hackers in order to physically catch hackers like the CryptoLocker gang and charge them as the extortionist, ransoming, malicious thieves they are.

Honestly, the hackers are making the government of the U.S. look pitifully outsmarted, meaning unless they're caught, lots more people are going to become hackers in the coming future.

I suggest making your backups on DVD discs, if you can fit them. Once the session is closed it can't be messed up.
BTW, was that YouTube link a test to see who would click on it after reading the article?

My computer at work got infected and it completely took over the shared drive so none of us could access it. We ended up having to pay the ransom; it takes 2 business days for payment to clear. I need to know if it affects phones. My phone has been acting weird lately and I did hook it up to my computer.

I'm sorry that happened. :( I don't think it affects phones, but if you can mount your phone as external storage and you've got certain files on there, it's entirely possible for it to affect your device.

I had one of those dumb cryptolock deals infect my laptop. let my girl mess with it for a night and the next day it was fixed. everything was good to go with no loss of anything... now I'm wondering what all she can do on a computer.

Who are these people who create such destructive software? They really don't care about others' belongings. I'll be extra careful. On my external HDD is practically my whole life; losing this would be fatal for me. But what kind of ransom is that, to demand Bitcoins, Monkey Pay or Ukash? I don't even know what the latter two are! I'm nothing but horrified about this!

Yes, my point is that we shouldn't complain too much, if we (widely meant) allow that.

In my country it would be really hard to do something like that.
There is no way to buy anything that involves money (from prepaid cards, to mobile SIM), without providing at least some kind of identification document.

And, even though I think I've used something like money transfer services only once in my life, a lot of years ago, I might be wrong, but I must provide the ID also to withdraw money from this kind of channels.

And that's good, from my point of view: this should happen everywhere in the world, but I know I'm simply dreaming :)

Bitcoin is most certainly not untraceable. It's just hard to track, but governments have pretty much cracked the anonymity of it in multiple cases. They use the public string that everyone has access to. Make no mistake the proprietors of this are almost certainly on someone's radar.

There is one rule that has been around since the first virus was spread across the Internet a couple of decades ago. Don't run executable programs from the Internet unless you get them directly from the source or trusted mirror sites. Sheesh! It's like giving the Gremlins food after midnight for Pete's sake. Just follow the rules people.

Update the rule to “Don't click on a suspicious link.” I should be able to write an entire short blog post on that, which would entail checking the padlock icon for purported https sites, looking more closely at the URL, etc.

Those most at risk are families. The kids are now quite computer literate, but also quite computer naive/immature. They'll happily click on these suspicious links. So the advice "don't click on external links" doesn't really help.

So, the question evolves to: how as the manager of the family's machines do I protect the family and our resources (other than the obvious of keeping a virus scanner up to date)?

If the isolated backup is reconnected/connected to an infected machine during the backup process, will it not also be compromised?

It CAN affect Macs. I had a client less than a week ago who had the CryptoLocker virus infect her Windows XP installation. Trouble was she was running it virtualized through Parallels Desktop on her iMac. She also had the access Mac home folder from Windows enabled in Parallels. As a result every single one of her pdf, eps, jpeg and Office documents on the Mac partition were hosed. Naturally it took out the same file types in Windows but there weren't many of those. Most of her work was on the Mac.

Since it doesn't affect Macs I am currently immune. However, I do run the Time Machine backup software to a wireless external hard drive. I wonder if it could access it if Macs were targeted (not that I'd run a program downloaded from the Internet in the first place.)

So, if the drive is readable by Windows (e.g., it's FAT-formatted, or ext filesystem drivers are installed, or you're using Wubi), your Ubuntu system will be hosed if Windows is infected. Ubuntu will not be infected.

If Ubuntu is on a separate, ext4 (the default) partition, and Windows can't read it, your Ubuntu will be safe.

CryptoLocker ONLY encrypts drive letters that are returned via the GetLogicalDrives function. If your Ubuntu partition is mapped as a drive letter it will be scanned for the file types that CryptoLocker likes to encrypt. If it's not mapped, then you have nothing to worry about.

Some people were getting their stuff back; it's why people pay up in the first place, but white hats (hackers for good) already took out the C&C (command and control) computers, knocking out any ability to recover your file data. Most people were getting their files back before this, otherwise why pay up?

Though it is recommended that you do not pay the ransom if at all possible, paying the ransom will initiate the decryption process. As for the C2 servers being taken out, that is not true. Some of them have been blackholed for monitoring reasons, but unfortunately the rest are still live and kicking.

This is a double-edged sword. If you take them out no one else will get infected, but then there will be no way to pay the ransom and recover your files. Not an easy situation.

We paid the ransom. It was the only thing to do. The ransomware is real. If it was a single PC, I wouldn't be so concerned, but it affected our network shared folders and that was problematic because these are files that we need for our day to day business.

I would suggest that sensitive data should be encrypted and backed up on cloud storage. Use TrueCrypt in combination with SpiderOak (they have a zero-knowledge policy), for example. Everything else is easy to revert (OS, programs etc.) if something like this should happen.

If your server is accessible as a mounted network drive, then odds are good that your code can be compromised with CryptoLocker. Likewise if you've got it mounted as removable storage. Otherwise, I think you're fine!

Any drive letter on an infected computer will be scanned by CryptoLocker for matching file types and encrypted. UNC network shares are left alone. Therefore, if Dropbox or SkyDrive are mapped to a drive letter then the infection WILL attempt to encrypt it. Dropbox allows you to restore your files to a previous date before they were infected, so you will be in good shape there.
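Two comments above (the one about Ubuntu partitions and the one about Dropbox/SkyDrive) make the same point: what matters is whether a volume shows up as a drive letter, i.e. in the bitmask returned by the Win32 GetLogicalDrives API. The following is an added example, not code from the article or from any commenter, that a defender can run on a Windows machine to list exactly which drive letters that API exposes and which of them are mapped network shares (GetDriveTypeW returns DRIVE_REMOTE, value 4, for those). On non-Windows hosts a constructed sample mask is used instead so the decoding logic can still be exercised; the sample letters C:, D: and Z: are assumptions for the demonstration.

```python
import string
import sys
from typing import Callable, Dict, List

# Value returned by the Win32 GetDriveTypeW function for a mapped network share.
DRIVE_REMOTE = 4

# Constructed sample bitmask used off-Windows: bit 2 = C:, bit 3 = D:, bit 25 = Z:.
SAMPLE_MASK = (1 << 2) | (1 << 3) | (1 << 25)


def decode_logical_drives(mask: int) -> List[str]:
    """Turn the GetLogicalDrives bitmask into root paths.

    Bit 0 means A:\\ exists, bit 1 means B:\\ exists, and so on through Z:\\.
    """
    roots = []
    for bit, letter in enumerate(string.ascii_uppercase):
        if mask & (1 << bit):
            roots.append(f"{letter}:\\")
    return roots


def logical_drives_mask() -> int:
    """Query the real API on Windows; elsewhere return the constructed sample."""
    if sys.platform == "win32":
        import ctypes
        return ctypes.windll.kernel32.GetLogicalDrives()
    return SAMPLE_MASK


def win32_drive_type(root: str) -> int:
    """Call GetDriveTypeW for one root path such as 'C:\\\\' (Windows only)."""
    import ctypes
    return ctypes.windll.kernel32.GetDriveTypeW(ctypes.c_wchar_p(root))


def sample_drive_type(root: str) -> int:
    """Constructed stand-in for GetDriveTypeW: treat Z: as a mapped share."""
    return DRIVE_REMOTE if root == "Z:\\" else 3  # 3 is DRIVE_FIXED


def classify_drives(mask: int, drive_type: Callable[[str], int]) -> Dict[str, List[str]]:
    """Split enumerated drive letters into local volumes and mapped network shares.

    Every entry in either list is reachable by malware that walks drive letters;
    the 'mapped_network' list is the one to review for shared business data.
    """
    local, mapped = [], []
    for root in decode_logical_drives(mask):
        (mapped if drive_type(root) == DRIVE_REMOTE else local).append(root)
    return {"local": local, "mapped_network": mapped}


if __name__ == "__main__":
    lookup = win32_drive_type if sys.platform == "win32" else sample_drive_type
    report = classify_drives(logical_drives_mask(), lookup)
    print("Local volumes exposed as drive letters:", report["local"])
    print("Mapped network shares exposed as drive letters:", report["mapped_network"])
```

Run on an actual workstation, the second line of output is the list of shares whose contents a drive-letter-walking infection on that machine could rewrite; shares accessed only by UNC path will not appear, which is the distinction the comments draw.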

Watch this, then you will realize there is no way you can protect yourself once the quantum computer gets into public hands, but this is a must watch; it's a good doc, a must watch: http://www.youtube.com/watch?v=_4NrrKTYmBI

Matthew Hughes is a software developer and writer from Liverpool, England. He is seldom found without a cup of strong black coffee in his hand and absolutely adores his MacBook Pro and his camera. You can read his blog at http://www.matthewhughes.co.uk and follow him on Twitter at @matthewhughes.